
Can't delete files and ransomware alert


4 replies to this topic

#1 GuyFawkes1605


Posted 25 August 2017 - 01:24 PM

Hi
 
Today I discovered that I have files that I do not know. I tried to delete them but I could not because the files were in use.
I restarted my PC and removed them. When I do this, I get a notification from Cybereason RansomFree that there was a threat.
Every time I delete them, they come back under different names. I already tried: Norton Security, AdwCleaner, Bitdefender and Microsoft Safety Scanner.
 
I'm not very good with PCs, so I do not know the exact virus. I apologize if it is in the wrong forum.
(Sorry for bad English)
 
And how can I put an image here? (I think it will help)
 
How can I delete them forever?

Edited by GuyFawkes1605, 25 August 2017 - 01:25 PM.



 


#2 34BLEEP00XX


Posted 25 August 2017 - 01:34 PM

Were those files in a strange folder like Ascan136 or Tdon121? If it is a folder that changes name all the time then those files are legit. They are part of Cybereason RansomFree's shielding / behaviour files.


Edited by 34BLEEP00XX, 25 August 2017 - 01:38 PM.


#3 quietman7



  • Global Moderator

Posted 25 August 2017 - 05:54 PM

There is some ransomware protection software which deliberately creates dummy folders containing randomly named .bmp, .png, .gif, .jpg, .pem, .xls, .mdb, .txt, .sql, .docx, .doc, .xlsx, .xls, .rtf, and .txt files in various locations (and partitions) on your computer as part of its functionality. These are actually trap folders and files...patterns of files and hidden virtual files that ransomware is attracted to, and the feature is more commonly referred to as "Entrapment Protection".


Cybereason RansomFree and CryptoMonitor by Nathan Scott (which is no longer supported) were among the first programs to include this feature...see this related discussion.

I quote Nathan's explanation of Entrapment Protection from his now closed EasySync web site in this topic.

Entrapment Protection
Entrapment Protection lays numerous different types of traps all around your system that a Ransomware Infection cannot resist to touch. These traps send encrypted pattern signals back and forth between CryptoMonitor and themselves constantly. When a Ransomware Infection falls into one of these traps, the pattern is broken and CryptoMonitor immediately takes action. Once this happens, the machine is locked down and you are alerted about the infection and prompted for your decision on what actions to take. During this time, no file modifications are allowed, so your files are safe while you think about your course of action. With this protection enabled you may notice a few hidden files, registry keys, folders, and services running, but don't worry, they are there to protect you!

If you attempt to delete these files and folders, RansomFree will re-create them.

The use of trap files and folders is not a 100% solution...some data files typically will end up being encrypted by ransomware but whatever helps with prevention, I consider useful.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

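The trap-file idea described in the post above, as an added example that is not part of the original thread and not the code of RansomFree or CryptoMonitor: decoy folders with random names are created, a hash baseline is kept, and any decoy that is changed or deleted raises an alert and is re-created, which is why manually deleting the folders both triggers a notification and brings them back under new or restored names. The function names, the polling approach and the file contents are assumptions made for illustration.

```python
import hashlib
import secrets
import tempfile
from pathlib import Path

# Extensions picked from the list in the post; file contents are constructed filler.
DECOY_EXTENSIONS = [".docx", ".xlsx", ".jpg", ".txt", ".sql"]


def _sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def deploy_traps(root: Path, folders: int = 2) -> dict:
    """Create randomly named decoy folders and files; return {path: (content, sha256)}."""
    baseline = {}
    for _ in range(folders):
        folder = root / f"A{secrets.token_hex(3)}"  # hypothetical naming scheme
        folder.mkdir(parents=True, exist_ok=True)
        for ext in DECOY_EXTENSIONS:
            decoy = folder / f"{secrets.token_hex(4)}{ext}"
            content = secrets.token_bytes(256)
            decoy.write_bytes(content)
            baseline[decoy] = (content, hashlib.sha256(content).hexdigest())
    return baseline


def check_traps(baseline: dict, restore: bool = True) -> list:
    """Return [(path, 'missing' | 'modified')] for tripped decoys; optionally re-create them."""
    alerts = []
    for path, (content, digest) in baseline.items():
        if not path.exists():
            alerts.append((path, "missing"))    # deleted or renamed (also a user's own delete)
        elif _sha256(path) != digest:
            alerts.append((path, "modified"))   # overwritten, e.g. encrypted in place
        else:
            continue
        if restore:
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(content)           # put the trap back, as the post describes
    return alerts


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        traps = deploy_traps(Path(tmp))
        next(iter(traps)).write_bytes(b"constructed overwrite")  # simulate a write to a decoy
        print(check_traps(traps))
```

A periodic hash check like this only notices a change after the fact; it does not block the write that tripped the trap.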

#4 GuyFawkes1605

  • Topic Starter


Posted 26 August 2017 - 02:26 AM

The names are:

On my D disk: Xuser 235 and 3Cdetails150

On my C disk: Xdocuments126, Acuse61 and in the folder Users: Akgvg and Qfir44m

 

I was worried because I was therefor on piratebay.

 

Thanks a lot



#5 quietman7



  • Global Moderator

Posted 26 August 2017 - 06:17 AM

You're welcome.